The Secret China-U.S. Hacking War

Numerous hacks from the Far East sure look like concerted attacks against U.S. military installations, but nobody's saying for sure.

Is the United States under attack again?
Recent reports have the U.S. military not quite blaming the Chinese military for a long string of cyber-attacks against U.S. military computers. It sure sounds like they believe it, but they're not quite saying it. Also left unsaid is how much actual damage and compromise has happened already.

The Journal article quotes Gen. Kevin Chilton, "[t]he top U.S. commander in charge of cyberspace," as saying that the networks are under attack, and that there is significant evidence implicating the Chinese but not outright accusing them. "The thing about China that gives you pause is that they've written openly about their emphasis in particular areas--space and cyberspace," he said.
International cyber-wars are becoming a not-uncommon occurrence. Last year the Internet infrastructure of Estonia was largely taken down by attacks from Russia, following a dispute with Russia over the fate of a World War II memorial. But that attack was against the civilian Internet infrastructure: the ISPs and banks, for example, not the Estonian military or government. Such attacks can impact the entire Internet, and are fundamentally different from targeted hacks against specific installations. It's the difference between war and espionage.
I asked Gadi Evron, who consulted on the Estonian responses to the attacks they received. He confirms that China is a dangerous place for the Internet. "I can confirm targeted attacks with sophisticated technologies have been launched against obvious enemies of China. I can also confirm that China's network is the most plagued with cyber-crime in the world, being abused and used to launch attacks ranging from fraud to denial-of-service, worldwide. Who is behind these attacks can't be easily said, but it can be an American cyber-criminal, a Nigerian spammer or the Chinese themselves."
The Chinese government may try to exert control over the Internet that we find despotic, but they're not the only people using it there. Other actors in China can and do engage in the same Internet crimes that occur everywhere else. Evron adds: "Due to IP address spoofing and the fact criminals can take over and use computers worldwide as if they were their own, being sure about this is not possible by technical means--the Internet is perfect for plausible deniability."
But plausible deniability is not proof either way, and it's still reasonable for intelligence estimators like General Chilton to come to reasonable conclusions based on evidence. Even if you can't prove that the government was involved in an attack coming from China, it still bears some responsibility.
So is this a unilateral war or are we also attacking them? Don't expect a straight answer out of the U.S. military on that one either, or from the Chinese military for that matter. We have plenty of civilian and military networks capable of performing similar attacks and having an interest in doing so. It's just another espionage tool, and no more or less moral than others we've used in the past.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Larry Seltzer has been writing software for and English about computers ever since, much to his own amazement, he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.